Note
- We are distributing HDL codes of the ISO/IEC 18033-3 standard block ciphers.
- All the documents and comments in HDL codes are written in Japanese for now.
On-chip glitchy-clock generator
-
glitchy-clock_generator.zip
An on-chip glitchy-clock generator for the experiment of the
fault attacks on SASEBO. This work is presented in COSADE 2011 [1].
(Upload 2012/May/09) [1] S. Endo, T. Sugawara, N. Homma, T. Aoki, and A. Satoh, "An on-chip glitchy-clock generator and its application to safe-error attack," 2nd International Workshop on Constructive Side-channel Analysis and Secure Design - COSADE, pp. 175 - 182, Feb. 2011.
RSA
- RSA1024_RAM.v, RSA_tb.v
- RSASpec2007Oct11.pdf (in Japanese)
RSA processor with the Montgomery multiplier, and its testbench.
Note that a single-port synchronized memory
in the module is replaced to a behavioral model.
(Upload 2008/Apr/07)
Specification form for RSA1024_RAM.v
(Upload 2008/Apr/07)
JWIS2007
- JWIS2007.zip
HDL codes of the ISO/IEC 18033-3 standard block
ciphers. They were used for the performance
evaluation in [1]. The zip file contains 10
implementations for 6 algorithms (AES, Camellia,
SEED, CAST-128, MISTY1, TDEA).
[1] T. Sugawara, N. Homma, T. Aoki and A. Satoh,
"ASIC Performance Comparison for the ISO Standard Block Ciphers,"
The 2nd Joint Workshop on Information Security (JWIS2007), August 2007.
DES
- DES_ECB.v, DES_TB.v
- DESSpec2007Sep25.pdf
- DES_ECB_Akkar.v
- TDEA.v, TDEA_tb.v
- TDEASpec2007Sep25.pdf
DES encryption/decryption circuit and its testbench.
(Update 2007/Sep/25)
Specification form for DES_ECB.v
(Update 2007/Sep/25)
DES encryption/decryption circuit with a DPA
(Differential Power Analysis) / SPA
(Simple Power Analysis) countermeasure [1]
where a plaintext/ciphertext is masked by a
rundom number.
This sample code uses a constant 0x123456789abcdef as
a rundom number after the IP operation.
[1] M. Akkar, C. Giraud, "An Implementation of DES and AES, Secure against
Some Attacks", CHES2001
TDEA (a.k.a. Triple-DES) encryption/decryption circuit
(Update 2007/Sep/25)
Specification form for DES_ECB.v
(Update 2007/Sep/25)
AES
- AES.v, AES_TB.v
- AES_Comp.v, AES_TBL.v, AES_PPRM1.v, AES_PPRM3.v, and AES_ENC_TB.v
- AESSpec2007Sep25.pdf
AES encryption/decryption circuit and its testbench.
The key length is limited to 128 bits.
AES encryption/decryption circuits and their testbench.
S-boxes are implemented based on
Composite field, LUT, ANF (Arithmetic Normal
Form), and 3-stage
PPRM in AES_Comp.v, AES_TBL.v, AES_PPRM1.v,
AES_PPRM3.v, respectively. AES_Comp.v supports
both encryption and decryption,
while others support only encryption.
The key length is limited to 128 bits.
(Update 2007/Oct/04)
Specification form for AES2.v
(Update 2007/Sep/25)
Camellia
- Camellia.v, Camellia_tb.v
- CamelliaSpec2007Sep25.pdf
Camellia encryption/decryption circuit and its testbench.
The key length is limited to 128 bits.
(Update 2007/Sep/25)
Specification form for Camellia.v (Draft version)
(Update 2007/Sep/25)
SEED
- SEED_1clk.v, SEED_1clk_tb.v
- SEEDSpec2007Sep25.pdf
SEED encryption/decryption circuit and its testbench.
The key length is limited to 128 bits.
(Update 2007/Sep/25)
Specification form for SEED_1clk.v (Draft version)
(Update 2007/Sep/25)
MISTY1
- MISTY1_1clk.v, MISTY1_1clk_tb.v
- MISTY1Spec2007Sep25.pdf
MISTY1 encryption/decryption circuit and its testbench.
The key length is limited to 128 bits.
(Update 2007/Sep/25)
Specification form for MISTY1_1clk.v (Draft version)
(Update 2007/Sep/25)
CAST-128
- CAST128.v, CAST128_tb.v
- CAST128Spec2007Sep25.pdf
CAST-128 encryption/decryption circuit and its testbench.
The key length is limited to 128 bits.
(Update 2007/Oct/04)
Testbench for CAST128.v
(Update 2007/Sep/25)